If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Microsoft Baseline Security Analyzer V1.2 Available for Download

The new version of Microsoft Baseline Security Analyzer ( V 1.2) was release.

As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).

The part I appreciate is scanning for security updates other than the OS, ie Office and some server apps like Exchange 2003.

I currently use v 1.1.1 in conjunction with SUS. I know M$ is working on v2.0 of SUS which will be able to push more than critical OS patches. Being able to push Office and other patches will cut down on the SMS packages.

1. I was looking forward to seeing how up to date my Office installs were. The interface for BSA looks the same – I half expected a new check box for office products. There is a scanning options link that points to MS Office Assistance and states: Microsoft Baseline Security Analyzer version 1.2 can only scan for Office updates on a local machine. Office updates will not be detected in remote machine scans.
2. The second is more of an annoyance than anything. If you have an updated version of a patch BSA will report: Security updates are out of date. When you look at the details it tells you that: File version is greater than expected. I had heard from the beta testers that this would be the case, but I was hopeful that they might have touched it up a bit.

The product is a start. The product is still version 1. There is more that needs to be done in my opinion.

SMS with SUS is definitely the way to go. We have recently implemented this system, and man does it make for a real nice way to keep up with patch levels on systems. Make deployment of the patches much easier also.

Originally posted here by brackenwood The second is more of an annoyance than anything. If you have an updated version of a patch BSA will report: Security updates are out of date. When you look at the details it tells you that: File version is greater than expected. I had heard from the beta testers that this would be the case, but I was hopeful that they might have touched it up a bit.

That really bugs the heck out of me. I'm currently using v1.1.1 of the MBSA, and that has always bothered me. I do wish they would fix that but alas, don't guess it happened in this version.

Security files for older versions will NO LONGER be kept up to date. From MS...

MBSA and SMS Users: Upgrade Now

Versions of Microsoft Baseline Security Analyzer earlier than 1.2 no longer will be supported and their mssecure.xml file, which detects security updates, will not be kept current. Scans they perform will be incomplete. This also affects Systems Management Server 2.0 Software Update Services (SUS) Feature Pack and SMS 2003 because they use MBSA as their security scan engine

.

Got to upgrade to stay with current updated vulnerabilities. This could effect 3rd party scanners and scan engines as well. I would check.

West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.